-
Notifications
You must be signed in to change notification settings - Fork 154
Detailed NPK Settings
NPK uses a single settings file npk/terraform/npk-settings.json
in JSON format to specify all the details of your NPK deployment. You can read about each setting, its effects, and its expected values below.
NPK ships with a 'sample' settings file to get you started. Simply copy npk/terraform/npk-settings.json.sample
to npk/terraform/npk-settings.json
for a good starting point.
The backend_bucket setting specifies the AWS S3 bucket that will be used to host the Terraform state files for both NPK and NPK-selfhost (when used). Since this defines the name of an AWS S3 bucket, it must be universally unique. Deploy.sh will check whether this bucket exists in your account, and will create it for you if it doesn't exist. This value should never be changed after deployment.
This setting has no functional default value, and must be changed prior to deployment.
Allowed values are any allowed AWS S3 bucket name. See more here
This setting specifies the named credential profile that both AWS CLI and Terraform will use when deploying NPK. It must match the profile name within ~/.aws/credentials exactly.
Default value: "npk".
Allowed Values: a string matching the name of an AWS Credential profile in ~/.aws/credentials.
This setting specifies an SMS destination which will receive text messages should any catastrophic management plane events occur. These alerts include the failure of the management plane to terminate cost-overrun campaigns, which if not addressed, could result in a campaign cost of up to 2x the configured limit.
This setting has no functional default value, and must be changed prior to deployment.
Allowed Values: A string of an SMS-compatible phone number, in the format "+<country_code><phone_number>"
This setting specifies the email address of the administrator user of the NPK deployment. This will also correspond with the initial user created during deployment. The provided email address must be capable of receiving the invitation email, otherwise you will be unable to log in.
This setting has no functional default value, and must be changed prior to deployment.
Allowed Values: A string of a functional email address.
This setting is used for troubleshooting, and determines whether additional information is logged by Lambda functions. While this may increase costs by a few cents per month, it is recommended that this value be set to 'true'.
Default Value: false
Allowed Values: A boolean true or false, without quotes.
This setting specifies the length of time that user-uploaded files and campaign results should persist in S3 before they are automatically deleted.
Default value: 604800 seconds (7 days)
Allowed Values: integer seconds. Values under 3600 will cause issues with campaigns.
This setting specifies the 'hard limit' of cost for any given campaign run by NPK. The campaign builder will allow campaigns in excess of this to be created, but will terminate the instances when the total cost exceeds this value.
Default value: 50 dollars
Allowed Values: integer dollars.
This setting specifies what geographic regions are permitted to access the NPK UI in a 'whitelist' behavior. Regions not specified here will receive an HTTP '403 Forbidden' error when attempting to access the UI.
Default value: ["US", "CA", "GB", "DE"]
Allowed Values: Array of strings, each string being an ISO 3166-1 alpha-2 country code. If you wish to disable the restriction, you can put an empty array [] or remove the setting entirely.
NPK allows you to specify custom DNS names for the deployment. This would allow your users to access NPK from, for example, https://npk.<your.domain>
. If useCustomDNS
is set to false, the remaining settings can be omitted.
This setting specifies whether NPK will be deployed using custom DNS FQDNS for the API and UI components. Setting this to 'true' requires that route53Zone and dnsNames settings are also provided.
Default value: false
Allowed Values: boolean true or false, without quotes.
This setting specifies the AWS Route53 Zone ID that NPK will use when creating DNS records.
This setting has no functional default value, and must be changed prior to deployment.
Allowed Values: A string of an active AWS Route53 Zone ID in the same AWS Account.
This setting specifies the DNS FQDNs that will be associated with the NPK deployment. www
will correspond to the NPK Console UI, and api
will correspond to the API Gateway used by the multiple components within NPK.
This setting has no functional default value, and must be changed prior to deployment.
Allowed Values: An object with keys www
and api
, each representing an array with a single string value of the desired FQDN for the component. The FQDNs provided must be within the authoritative namespace of the Route53 Zone provided in route53Zone.
NPK allows you to configure a SAML-based federated identity provider to allow SSO to the NPK UI. This allows users to log into NPK using an external federated identity provider. NPK currently only supports SAML authentication for deployments which use custom DNS.
This setting specifies whether NPK should itegrate with a SAML-based Federated identity provider. This allows users to log into NPK using credentials from an on-premise Active Directory, Okta, or similar SAML-supported authentication provider. Setting this to true
also requires EITHER sAMLMetadataUrl
or sAMLMetadataFile
options to be set, but not both.
Default Value: false
Allowed Values: A boolean true or false, without quotes.
This setting specifies the file path for a SAML Metadata XML file, which NPK will consume to configure federated authentication and authorization to the NPK UI. This file will typically be exported from your federated identity provider, such as ADFS, Okta, etc.
This setting has no functional default value, and must be changed prior to deployment. Additionally, this setting can be removed entirely if useSAML is false.
Allowed Values: A string representing the full path to the SAML Metadata XML file you intend to use for SSO.
Some SAML providers expose XML files via a publicly-accessible URL, which consumers can use to keep their configurations up-to-date automatically. This setting allows you to specify a URL for the SAML Metadata XML file instead of providing a static file. NPK will then consume the file at this URL to configure federated authentication and authorization to the NPK UI. This URL will typically be provided by your federated identity provider, such as ADFS, Okta, etc.
This setting has no functional default value, and must be changed prior to deployment. Additionally, this setting can be removed entirely if useSAML is false.
Allowed Values: A string representing the protocol ('https://') and URL to the SAML Metadata XML file you intend to use for SSO.